← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Threat Actors Leverage Claude Code Leak as Social Engineering Lure to Distribute Malicious Payloads via GitHub
WHITE Tr1sa111 2026-04-14 Modified: 2026-04-14
20
IOCs
MEDIUM VOLUME
tradedownloaderghostsockssocial engineeringzero trustgithub deliveryvidarvidar stealertrojanized repositoriesai securityclaude code leakghostsocks trojan
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Vidar GhostSocks TradeDownloader
Indicators of Compromise (20)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
IPv4 94.228.161.88 2026-04-14
FileHash-MD5 3388b415610f4ae018d124ea4dc99189 2026-04-14
FileHash-MD5 77c73bd5e7625b7f691bc00a1b561a0f 2026-04-14
FileHash-MD5 81fb210ba148fd39e999ee9cdc085dfc 2026-04-14
FileHash-MD5 8660646bbc6bb7dc8f59a764e25fe1fd 2026-04-14
FileHash-MD5 9a6ea91491ccb1068b0592402029527f 2026-04-14
FileHash-MD5 d8256fbc62e85dae85eb8d4b49613774 2026-04-14
FileHash-SHA1 4c3b9af7995072965e763fca0e472f00b84a8aea 2026-04-14
FileHash-SHA1 7798feb26b98bb11f758d68e10fed0e0d7c78881 2026-04-14
FileHash-SHA1 7942f7097e151f90cb5c9f579042c36133e93306 2026-04-14
FileHash-SHA1 dff9ea007c0b24d35fd7393313c64a4b42ed1109 2026-04-14
FileHash-SHA256 06f63fe3eba5a2d1e2177d49f25721c2bdd90f3c46f19e29740899fa908453bf 2026-04-14
FileHash-SHA256 7d5e84dd59165422f31a5a0e53aabba657a6fbccc304e8649f72d49e468ae91a 2026-04-14
FileHash-SHA256 afa34c71a45f21d599c0bd90ac9026f68727aab0019c3b378956401475180c9c 2026-04-14
FileHash-SHA256 b4554c85f50c56d550d6c572a864deb0442404ddefe05ff27facb3cbfb90b4d6 2026-04-14
IPv4 147.45.197.92 2026-04-14
URL https://147.45.197.92:443 2026-04-14
URL https://94.228.161.88:443 2026-04-14
URL https://rti.cargomanbd.com 2026-04-14
hostname rti.cargomanbd.com 2026-04-14
References (1)
↗ https://www.zscaler.com/blogs/security-research/anthropic-claude-code-leak